Secure data card with passive RFID chip and biometric sensor

ABSTRACT

Biometric authorization is provided for a passive secure data card. An additional layer of security may be provided in the form of a biometric password. Session timing may be enforced to limit opportunities of third parties to snoop transmitted information while providing ample time to complete the card transaction. Biometric retries may be enforced to limit opportunities of third parties to hack the biometric security.

BACKGROUND

1. Field of the Invention

The present invention relates to secure data cards with passive RFIDchips, and more specifically, to the integration of a biometric sensorsand security into passive secure data cards.

2. Description of the Related Art

Radio-frequency identification (RFID) is a technology that uses radiowaves to transfer data from an electronic tag, called an RFID tag, labelor secure data card, attached to an object, through a reader for thepurpose of identifying and tracking or monitoring the object. Some RFIDtags can be read from several meters away and beyond the line of sightof the reader. The application of bulk reading enables analmost-parallel reading of tags.

The tag's information is stored electronically. The RFID tag includes asmall RF transmitter and receiver. An RFID reader transmits an encodedradio signal to interrogate the tag. The tag receives the message andresponds with its identification information. Most RFID tags contain atleast two parts: one is an integrated circuit (i.e. the RFID chip) forstoring and processing information, modulating and demodulating aradio-frequency (RF) signal, and other specialized functions; the otheris an antenna for receiving and transmitting the signal.

A number of organizations have set standards for RFID, including theInternational Organization for Standardization (ISO), the InternationalElectrotechnical Commission (IEC), ASTM International, the DASH7Alliance and EPCglobal. (Refer to Regulation and standardization below.)There are also several specific industries that have set guidelinesincluding the Financial Services Technology Consortium (FSTC) has set astandard for tracking IT Assets with RFID, the Computer TechnologyIndustry Association CompTIA has set a standard for certifying RFIDengineers and the International Airlines Transport Association IATA settagging guidelines for luggage in airports.

RFID can be used in many applications. A tag can be affixed to anyobject and used to track and manage inventory, assets, people, etc. Forexample, it can be affixed to cars, computer equipment, books, mobilephones, etc. The Healthcare industry has used RFID to reduce counting,looking for things and auditing items. Many financial institutions useRFID to track key assets and automate compliance. Also with recentadvances in social media RFID is being used to tie the physical worldwith the virtual world. RFID in Social Media first came to light in 2010with Facebook's annual conference.

RFID is a superior and more efficient way of identifying objects thanmanual system or use of bar code systems that have been in use since the1970s. It is not necessary to “show” the tag to the reader device, aswith a bar code. In other words it does not require line of sight to“see” an RFID tag, the tag can be read inside a case, carton, box orother container, and unlike barcodes RFID tags can be read hundreds at atime. Bar codes can only be read one at a time.

RFID tags can be either passive, active or battery assisted passive.Passive RFID does not use a battery; instead the tag uses the radioenergy transmitted by the reader as its sole energy source. An activetag has an on-board battery that always broadcasts or beacons itssignal. A battery-assisted passive (BAP) has a small battery on boardthat is activated when in the presence of a RFID reader.

A primary RFID security concern is the illicit tracking of RFID tags.World-readable tags are activated in the presence of a RFID reader andbroadcast their information in an “open format” that can be read by astandard reader. Tags, which are world-readable, pose a risk to bothpersonal location privacy and corporate/military security. Active tagsmay broadcast continuously. Passive and BAP tags may broadcast as longas the tag is in the presence of a reader signal.

One security technique is to store the RFID tag in a cardholder thatforms a “Faraday Cage”, which blocks the RFID reader signal fromactivating the card. This approach is generally limited to the use ofRFID tags by people who can remove the card to allow it to be read andthen replace the card in the cage. This is both inconvenient to the userand blocks approved albeit stealthy monitoring of the cards.Furthermore, if the card is stolen there is no protection. Anotherapproach is to encode the broadcast information on a “closed format”.However, this requires the RFID reader to have specific permission toread the card. Another approach that has been considered is to providethe card with a biometric sensor such as a finger print sensor toactivate the card. Biometric security has been limited to active orbattery-assisted passive cards (see U.S. Pat. No. 7,028,893, US Pub.2000/080201265 and EP1420359).

BRIEF SUMMARY

In view of the foregoing, various secure data card embodiments with apassive RFID chip and biometric sensor are provided.

According to one embodiment of the present invention, a secure datacard, comprises at least one biometric sensor to sense biometric inputsfrom a card user and generate biometric input signals, at least one RFIDchip, antenna tuned to, receive an RF reader signal and a passive powermodule that converts power drawn exclusively from the reader signal topower the biometric sensor and RFID chip. The RFID chip comprises an RFtransmitter and one or more processors and memory units configured toimplement a communication module that stores information and whenactivated reads and sends the information to the RF transmitter totransmit an RF data signal via the antenna and a biometric module thatstores biometric parameters, and in response to biometric input from thebiometric sensor compares the biometric input signal to the storedbiometric parameters and, upon determination of a match activates thecommunication module. In embodiments the card preferably transmits theRF data signal in an open format to maintain backward compatibility withan installed base of RFID card readers.

According to an embodiment of the present invention, upon determinationof a match the biometric module activates the communication module for aspecified session time period provided power is still available from thereader signal. The session time period may be just long enough totransmit the RF data signal once to complete a transaction or aspecified Multiple or may be user defined during card initialization.

According to an embodiment of the present invention, the biometricmodule stores a connection attempt threshold and counts a card user'snumber of attempts to provide the biometric inputs to match thebiometric parameters. If the connection attempt threshold is exceeded,the biometric module permanently alters the secure information storedwith the communication module and suitably the biometric parametersstored with the biometric module. The biometric module may overwrite theinformation with a permanent error that is transmitted if and when thecard is energized by a reader signal. The permanent error may, forexample, cause the card to be confiscated or generate a signalindicating the attempted use of a disabled card.

According to an embodiment of the present invention, the storedbiometric parameters comprise a user-initialized biometric password ofat least two temporally displaced entries of one or moreuser-initialized biometric inputs (e.g. thumb print or forefinger print)from one or more biometric sensors. A password may comprise at least afirst entry for the first user-initialized biometric input and atemporally displaced second entry for the second user-initializedbiometric input. A password may comprise at least a temporally displacedthird entry for either the first or second biometric inputs. Theuser-initialized biometric password provides an additional layer ofbiometric security. The biometric password may be used with biometricsensors in passive, battery-assisted passive or active secure datacards.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

In order that the advantages of the invention will be readilyunderstood, a more particular description of the invention brieflydescribed above will be rendered by reference to specific embodimentsthat are illustrated in the appended drawings. Understanding that thesedrawings depict only embodiments of the invention and are not thereforeto be considered to be limiting of its scope, the invention will bedescribed and explained with additional specificity and detail throughthe use of the accompanying drawings, in which:

FIGS. 1 a and 1 b are views of an embodiment of a passive secure datacard;

FIG. 2 is a diagram of an embodiment of a passive power module fordrawing power exclusively form an RF reader signal to power the card;

FIG. 3 is a block diagram of an embodiment of processing modulesimplemented on the RFID chip;

FIG. 4 is a flow diagram of an embodiment for card initialization andregistration;

FIG. 5 is a diagram illustrating an embodiment of either the initializeor use of a biometric password; and

FIG. 6 is a flow diagram of an embodiment of steps performed by the cardto perform a transaction.

DETAILED DESCRIPTION

It will be readily understood that the components of the presentinvention, as generally described and illustrated in the Figures herein,could be arranged and designed in a wide variety of differentconfigurations. Thus, the following more detailed description of theembodiments of the invention, as represented in the Figures, is notintended to limit the scope of the invention, as claimed, but is merelyrepresentative of certain examples of presently contemplated embodimentsin accordance with the invention. The presently described embodimentswill be best, understood by reference to, the drawings, wherein likeparts are designated by like numerals throughout.

In view of the foregoing, various secure data card embodiments areprovided. Biometric authorization is provided for a passive secure datacard. An additional layer of security may be provided in the form of abiometric password. Session timing may be enforced to limitopportunities of third parties to snoop transmitted information whileproviding ample time to complete the card transaction. Biometricattempts may be enforced to limit opportunities of third parties to hackthe biometric security.

With reference now to FIGS. 1 a and 1 b, an embodiment of a passivesecure data card 10 comprises a card 12. Card 12 may be of any sizesuitable for an intended application. For example, for a typicalconsumer point-of-sale (POS) application card 12 may be the size of atypical credit card. Card 12 may be formed from any suitable materiale.g. plastic. Certain unsecured information 14 may be imprinted onto thecard. For example, a user name, account number, expiration date etc. Thecontent of any unsecured information 14 will depend on the applicationfor which the card is used. The information may be, specific to aparticular user to whom the card is assigned to a particular object towhich the card is attached.

The RFID technology of card 10 is implemented with an antenna 16, apassive power module 18 and at least one (typically one) RFID chip 20.Antenna 16 is configured to receive an RF reader signal 22 from a cardreader 24. Passive power module 18 converts power drawn exclusively fromthe received reader signal 22 to power RFID chip 20. If card 10 is notin sufficiently close proximity to card reader 24 the card will not bepowered on. What constitutes “sufficiently close proximity” depends onthe transmit power of the card reader and the power requirements of thecard. Distances of less than 1 m are typical for passive data cards.

RFID chip 20 comprises at least one (typically one) microprocessor 26and one or more memory units 28 configured to store secure information30 about the user or object and when activated read and send the secureinformation to an RF transmitter 32 to transmit an RF data signal 33 viaantenna 16. Memory units 28 may comprise processor memory withinprocessor 26 or chip-level memory accessible by processor 26. The RFdata signal 33 may or may not be transmitted at the same frequency asthe reader signal. In embodiments the card preferably transmits the RFdata signal in an “open format” to maintain backward compatibility withan installed base of RFID card readers. The “open format” is a formatthat is both compatible with existing card readers and one that does notrequire specific knowledge or permissions to read.

The RFID technology of card 10 is further configured to include one ormore biometric sensors 34 formed on card 12. In this example, a pair ofbiometric sensors 34 is; provided on the front and back of card 12.Biometric sensors 34 receive power from passive power module 18 drawnexclusively from the reader signal. Consequently biometric sensors 34,like RFID chip 20, are only powered on when in sufficiently closeproximity to a card reader that is broadcasting a reader signal. Whenpowered, each biometric sensor 34 is configured to sense a biometricinput (e.g. fingerprint of a thumb or forefinger) from a card user andgenerate a biometric input signal 35 (e.g. a digital image of thefingerprint or specific features of the fingerprint) that is passed tothe RFID chip's microprocessor 26.

Technology for implementing biometric sensors 32 and fingerprintauthentication is commercially available. AuthenTec offers its AES850product as a multi-function smart sensor that provides fingerprintauthentication functions that could be integrated with the smart datacard. Other available fingerprint sensors include Upek TouchStrip swipesensor TCS3, Fujitsu MBF300, LighTuning LTI C300, Sony CXA362IGE andBMF-Hitachi BLP-100.

Different embodiments of secure data card 10 may employ biometricsensors and matching algorithms that sense biometric inputs other thanfingerprints. For example, ridgelines on a knuckle, crease lines of apalm or a scar pattern may be valid biometric inputs. Biometric sensorsthat sense biometric inputs other than skin patterns may be considered.

Biometric parameters 36 representative of user-initialized biometricinputs (e.g. a digital image of the fingerprint or specific features ofthe fingerprint) are stored in the one ore more memory units. Biometricparameters 36 may represent a single biometric input (e.g. athumbprint), or a pair of simultaneously biometric inputs (e.g. thumband forefinger prints) or a user-initialized biometric password definedas a sequence of at least two temporally displaced entries of one ormore user-initialized biometric inputs from one or more biometricsensors. A password may comprise at least a first entry for the firstuser-initialized biometric input (e.g. thumbprint) and a temporallydisplaced second entry for the second user-initialized biometric input(e.g. forefinger print). A password may comprise at least a temporallydisplaced third entry for either the first or second biometric inputs.The user-initialized biometric password provides an additional layer ofbiometric security. The biometric password may be used with biometricsensors in passive, battery-assisted passive or active secure datacards.

Microprocessor 26 compares the biometric input signal 35, or temporalsequence of input signals 35, to the stored biometric parameter's 36 anddetermines whether there is a match. A “match” does not have to be aperfect match; it must only satisfy the criteria for a match set forthin the processing algorithms. Such criteria are Well known fordetermining a fingerprint match. In the case of a biometric password, a“match” must not only match each biometric input to the user-initializedbiometric input but must also match the temporal sequence of thepassword (e.g. thumb, thumb, forefinger, forefinger).

Upon determination of a match, microprocessor 26 “activates” thestandard RFID technology to read the secure information from memory andpass it to RF transmitter 32 to transmit RF data signal 33 via antenna16. Activation of the RFID technology to transmit the secure informationrequires both power to the card and a biometric match. Activation mayalso require an enabling code be sent with, the reader signal or achallenge and response between the card reader and card, which isstandard RFID technology. In an embodiment, once a biometric match isdetermined the card continues to transmit the secure information as longas the reader signal is received. In another embodiment, the initialbiometric match initializes a clock, the card transmits the secureinformation until the expiration of a specified session time periodprovided the reader signal is still being received to power the card.This “time period” may be set to allow just enough time for the card totransmit the secure information a single time or a set number of times.Alternately, the user may set the time period at card initialization.

If the microprocessor 26 determines the input data signal(s) do notmatch the biometric parameters, the user may be allowed to retry. Thecard may be configured to allow for an unlimited number of attemptswithout restriction. Alternately, the card may be configured to allowonly a specified number of attempts, total or within a certain timeperiod, before the card is permanently deactivated. For example, if thenumber of unsuccessful attempts exceeds a connection attempt threshold,the microprocessor may delete, alter or otherwise destroy the secureinformation and biometric parameters stored on the card. The card mayoverwrite the secure information with a permanent error code that isthen transmitted when a reader signal is received. The error code may,for example, direct the secure data card to be confiscated or provideinformation to track the card.

With reference now to FIG. 2, an embodiment of a passive power module 50that powers the RFID chip and biometric sensor(s) with power drawnexclusively from the reader signal is depicted. The RF reader signalinduces an AC current 52 to flow in the card's antenna 54. Passive powermodule 50 comprises a capacitor 56, a full wave rectifier 58 thatrectifies the AC current to produce an unregulated voltage V1 across thecapacitor and a voltage regulator 60 that smoothes the unregulatedvoltage to supply one or more regulated voltages as long as the RFreader signal is received. If the RFID chip and biometric sensorsrequire the same voltage, the module is configured with a single voltageregulator to output a single regulated voltage VS. If the RFID, chip andbiometric sensors require different voltages, a pair of voltageregulators may be used to output regulated voltages VS1 and VS2. Thepair of regulators may be connected in parallel to the full waverectifier or in series with the second regulator providing a steppeddown voltage from the first regulator. Other circuit topologies may beimplemented to draw power solely from the reader signal to provide thepower requirements of the RFID chip and biometric sensor(s) on thepassive secure date card.

With reference now to FIG. 3, an embodiment of functional processingmodules and sub-modules implemented on one or more microprocessors andone or more memory units on the RFID chip is illustrated for providing apassive secure data card with different levels of biometric security. Ina passive secure data card sans biometric security, secure information60 is stored in one or more memory units. When power is extracted fromthe reader signal to power the RFID chip, a communication module 62reads secure information 60 from memory and sends the information to theRF transmitter, which in turn transmits the information in a secure datasignal. In addition to power, communication module 62 may receive a codein the reader signal to activate or may issue a response to a challengeto activate. Once activated, the communication module would continuouslytransmit the secure information as long as power is available.

Biometric security provides additional control over the activation ofcommunication module 62 and possible deactivation of the module. Eventhough power is available and any “handshaking” has been performed withthe card reader, the communication module will not activate and transmitthe secure information until activated by a biometric module 64. Atinitialization, biometric parameters 66 are stored in one or more memoryunits. As previously described, the biometric parameters may be a singlebiometric input, a pair of biometric inputs or a biometric password oftemporally displaced inputs. During use, a biometric input signal(s) 68is received from one or more biometric signals.

Biometric module 64 includes a biometric matching sub-module 70, asession time sub-module 72 and a biometric retry sub-module 74. Thebiometric module 64 functions as a controller to manage the sub-modulesand to communicate with the biometric sensors and the communicationmodule. Biometric matching sub-module 70 compares the input data signalor signals 68 to biometric parameters 66 to determine if there is amatch and returns a signal to the biometric module indicating a positivematch or a negative match. If the sub-module determines a positivematch, biometric module 64 sends a signal to activate communicationmodule 62, which in turn reads and sends the secure information to theRF transmitter.

Upon determination of a positive match and activation of thecommunication module, the biometric module may call session timersub-module 72. Session timer sub-module 72 starts a clock and uponexpiration of a specified session time period returns an expirationsignal to the biometric module. The biometric module in turn sends asignal to deactivate communication module 62, thereby terminatingtransmission of the secure information.

Upon determination of a negative match, the biometric module may callbiometric retry sub-module 74. Biometric retry sub-module 74 incrementsa counter each time a negative match is received. The counter may resetto zero after a reset time period. If the counter exceeds a connectionattempt threshold, the retry sub-module 74 sends returns an errorsignal. The reset time period (if any) and the threshold may behardcoded or set by the user during initialization. The biometric modulesends a signal to the communication module causing the secureinformation to be permanently altered or destroyed. For example, thesignal may cause the power module to overcharge the RFID chip andphysically damage or destroy the memory. Alternately, the signal maycause the secure information to be permanently overwritten with an errorcode. If and when the card is powered on, the communication moduletransmits the error code to the card reader, which may result inconfiscation of the card by a person or machine or tracking of the card.The biometric module may also send a signal alter, destroy or overwritethe biometric parameters.

With reference to FIG. 4, an embodiment for initialization andregistration of a passive secure data card with biometric security isdescribed. A user may initialize and register a passive secure data cardvia a kiosk (e.g. at a company, business, homeland security office ormilitary installation) or home computer that includes a card reader.Prior to initializing the card, the user may be required to input datainto the kiosk or home computer to set up an account, enter personalinformation, enter or confirm the secure information that will be storedon the card etc. System software implemented on the kiosk or homecomputer will guide the user through the initialization and registrationprocess.

Once this is complete, the user places the secure data card insufficiently close proximity to the card reader to energize the securedata card (step 80), which activates the biosensor and RFID chip. Duringinitialization and registration, data from the system software residentin the kiosk or home computer may be communicated to the card via thereader signal. The communication module processes the data and passesappropriate information to the biometric module.

The user provides the biometric inputs via one or more biometric sensorson the card to set the biometric parameters (step 82). The user may bedirected to input a specific sequence such as a “thumbprint” or“thumbprint and forefinger print” simultaneously on sensors on front andback of the card. In this case, the biometric security wholly resides inthe uniqueness of the user's thumbprint of forefinger print.Alternately, the user may be directed to input a temporal sequence oftheir choosing of between, for example, 3-5, temporally displacedbiometric inputs on the one or more sensors (e.g. thumb, thumb,forefinger, forefinger, thumb). This sequence known only to the usercreates a biometric password that provides an additional layer ofbiometric security. Once the user has completed the biometric inputs thesystem tray prompt the user to repeat the process to verify thebiometric inputs and password.

The session time period is =set (step 84). Either the system for usermay set this time period. The system may estimate the amount of time itwill take the card, once activated by the biometric authentication, toread and transmit the secure information. The system may set a sessiontime period that is just long enough to transmit the RF data signalonce, twice or a specified number of times. Alternately, a user mayspecify the session time period.

The connection attempt threshold is set (step 86). Either the system orthe user may set the connection attempt threshold specifying the numberof retries (total or within a connection attempt time period) that thecard will accept before overwriting the information on the card andlogging a permanent error. If the threshold is set for a time period,either the system or user may set the time period.

The secure information is stored on the card (step 88). Secureinformation may be stored on the card via the reader signal at the timeof initialization and registration. Alternately, secure informationcould be stored on the card prior to the initialization process via areader signal or other interface. How the secure information is storedon the card will depend on the particular application for the card. Forexample, a user may be provided with a “blank” secure data card in whichcase all of the secure information and biometric security information isdownloaded and, stored during initialization and registration.Alternately, a user may be provided with a “personalized” secure datacard in which the secure information, and other information is alreadystored on the card. In this case, the user only sets the biometricsecurity information during initialization and registration. The orderof the steps 82-88 is interchangeable.

Once all of the biometric security information and secure informationare stored in the secure data card, the secure data card is “activated”(step 90). The system may prompt the user to attempt a transaction toverify that the biometric security and security settings andtransmission of the secure information are working properly. Onceverified, the initialization and registration process ends (step 92) andthe passive secure data card its ready to be used

With reference to FIG. 5, an embodiment for creating and storing abiometric password 100 in a secure data card 102 is illustrated. Thebiometric password 100 comprises at least two temporally displacedentries 104 of one or more user-initialized biometric inputs. In thisexample, biometric password 100 includes five temporally displacedentries selected from two biometric inputs (thumbprint and forefingerprint) input via two separate biometric sensors. A biometric, sensor 106on the front, of the card for the thumbprint and a biometric sensor (notshown) on the back of the card. During initialization, the user willcreate the password using his or her thumb and forefinger in a desiredtemporal sequence. The card will store the biometric parameters for thethumb, forefinger and a temporal sequence of the combination. The usermay be prompted to reenter the sequence to confirm the password. Duringuse of the card, the user is expected to enter the same sequence ofbiometric inputs. The card determines if each biometric input is a matchand if the entire sequence is a match in order to determine a positivematch.

With reference to FIG. 6, an embodiment for using a secure data cardwith biometric, security is illustrated. To start a transaction (step110), a passive secure data card activated (step 112) by placing thecard is close proximity to a card reader. Close proximity may or may notrequire contact between the card reader and the card depending on theapplication. A user enters a biometric input or sequence of biometricinputs via one or more biometric sensors. The card determines whetherthe biometric inputs match the stored biometric parameters or password(step 114). If a positive match is determined, the card activates thecommunication module (step 116) to read and transmit the secureinformation. The card may then initiate and monitor a clock to determineif a session timer has expired (step 118). If not, the communicationmodule remains active. If yes, the card deactivates the communicationmodule (step 120) and ends the sessions (step 122). If the user was notable to complete the desired transaction, he or she may restart theentire process.

If a negative match is determined in step 114, the card increments acounter (step 124). The counter may be reset to zero upon determinationof a positive match or after the expiration of a retry time period. Thecard determines whether the counter exceeds a connection attemptthreshold counter (step 126). If no, the user may retry to provide thecorrect biometric inputs to activate the card until the thresholdcounter is exceeded. If yes, the card may delete the secure information(step 128) and, log a permanent err or, on the card (step 130) and endthe session (step 132).

As will be appreciated by one of ordinary skill in the art, aspects ofthe present invention may be embodied as a system, method or computerprogram product. Accordingly, aspects of the present invention may takethe form of an entirely hardware embodiment, an entirely softwareembodiment (including firmware, resident software, micro-code, etc.) oran embodiment combining software and hardware aspects that may allgenerally be referred to herein as a “circuit,” “module” or “system.”Furthermore, aspects of the present invention may take the form of acomputer program product embodied in one or more computer readablemedium(s) having computer readable program code embodied thereon.

Aspects of the present invention are described with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems) and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer program instructions. These computer program instructions maybe provided to a processor of a general purpose computer, specialpurpose computer, or other programmable data processing apparatus, toproduce a machine, such that the instructions, which execute via theprocessor of the computer or other programmable data processingapparatus, create means for implementing the functions/acts specified inthe flowchart and/or block diagram block or blocks.

The flowchart and block diagrams in the above figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof code, which comprises one or more executable instructions forimplementing the specified logical function(s). It should also be notedthat, in some alternative implementations, the functions noted in theblock might occur out of the order noted in the figures. For example,two blocks shown in succession may, in fact, be executed substantiallyconcurrently, or the blocks may sometimes be executed in the reverseorder, depending upon the functionality involved. It will also be notedthat each block of the block diagrams and/or flowchart illustration, andcombinations of blocks in the block diagrams and/or flowchartillustration, can be implemented by special purpose hardware-basedsystems that perform the specified functions or acts, or combinations ofspecial purpose hardware and computer instructions.

The terminology used herein is for the purpose of describing particularembodiments only and is not intended to be limiting of the invention. Asused herein, the singular forms “a”, “an” and “the” are intended toinclude the plural forms as well, unless the context clearly indicatesotherwise. It will be further understood that the terms “comprises”and/or “Comprising,” when used in this specification, specify thepresence of stated, features, integers, steps, operations, elements,and/or components, but do not preclude the presence or addition of oneor more other features, integers, steps, operations, elements,components, and/or groups thereof.

The corresponding, structures, materials, acts, and equivalents of allmeans or step plus function elements in the claims below are intended toinclude any structure, material, or act for performing the function incombination with other claimed elements as specifically claimed. Thedescription of the present invention has been presented for purposes ofillustration and description, but is not intended to be exhaustive orlimited to the invention in the form disclosed. Many modifications andvariations will be apparent to those of ordinary skill in the artwithout departing from the scope and spirit of the invention. Theembodiment was chosen and described in order to best explain theprinciples of the invention and the practical application, and to enableother of ordinary skill in the art to understand the invention forvarious embodiments with various modifications as are suited to theparticular use contemplated.

What is claimed is:
 1. A passive secure data card, comprising: a card;an antenna tuned to receive an external RF reader signal; a passivepower module coupled to the antenna, said passive power moduleconverting power drawn exclusively from the external RF reader signal tosupply one or more voltages to a biometric sensor and at least one radiofrequency identification (RFID) chip; said biometric sensor configuredto sense a biometric input from a card user and generate a biometricinput signal, said biometric input and biometric input signal providingdistinctive and measurable characteristics to identify individual cardusers; and said at least one RFID chip comprising an RF transmitter andone or more processors and memory units configured to implement acommunication module that stores information and a biometric module thatstores biometric parameters representative of user-initialized biometricinputs, and in response to biometric input from the biometric sensorcompares the biometric input signal to the stored biometric parametersand, upon determination of a match authenticates and authorizes thatcard user and activates the communication module, which in turn readsand sends the information to the RF transmitter to transmit an RF datasignal via the antenna, wherein said communication module, althoughpower is available from the external RF reader signal, will not activeand transmit the information until activated by the biometric module. 2.The secure data card of claim 1, wherein upon determination of thematch, said biometric module activates the communication module for aspecified session time period provided power is still available from theexternal RF reader signal.
 3. The secure data card of claim 2, whereinsaid specified time period is just long enough to transmit the RF datasignal.
 4. The secure data card of claim 2, wherein said specified timeperiod is user defined during card initialization.
 5. The secure datacard of claim 1, wherein the stored biometric parameters comprise auser-initialized biometric password of at least two temporally displacedentries of one or more user-initialized biometric inputs, said biometricmodule compares a temporal sequence of the biometric input signals tothe biometric password to determine whether a match exists.
 6. Thesecure data card of claim 5, wherein said biometric password comprisesat least a first entry for a first user-initialized biometric input anda second entry for a different second user-initialized biometric input.7. The secure data card of claim 1, wherein the card transmits the RFdata signal in an open format to maintain backward compatibility with aninstalled base of RFID card readers.
 8. The secure data card of claim 1,wherein the biometric module stores a connection attempt threshold andcounts a card user's number of attempts to provide the biometric inputsto match the biometric parameters, and upon exceeding the connectionattempt threshold said biometric module permanently alters theinformation stored with the communication module.
 9. The secure datacard of claim 8, wherein said biometric module writes a permanent errorto the card that is transmitted as the RF data signal.
 10. The securedata card of claim 8, wherein said biometric module alters the biometricparameters stored on the card.
 11. The secure data card of claim 1,wherein the passive power module supplies at least a first voltage tosupply power to the biometric sensor and a second voltage to supplypower to the RFID chip where said first and second voltages are suppliedat different voltage levels.
 12. The secure data card of claim 1,wherein external RF reader signal induces an AC current in the antenna,said passive power module comprises a capacitor, a full wave rectifierthat rectifies the AC current to produce an unregulated voltage acrossthe capacitor and a voltage regulator that smoothes the unregulatedvoltage to supply the one or more voltages as long as the external RFreader signal is received.
 13. A passive secure data card, comprising: acard; an antenna tuned to receive an external RF reader signal; apassive power module coupled to the antenna, said passive power moduleconverting power drawn exclusively from the external RF reader signal tosupply one or more voltages to one or more biometric sensors and a radiofrequency identification (RFID) chip as long as the external RF readersignal is received; each said biometric sensor configured to sense abiometric input from a card user and generate a biometric input signal,said biometric input and biometric input signal providing distinctiveand measurable characteristics to identify individual card users; andsaid RFID chip comprising: an RF transmitter, and one or more processorsand memory units configured to implement a communication module thatstores information and when activated reads and sends the information into the RF transmitter to transmit an RF data signal via the antenna, abiometric module that stores a user-initialized biometric password of atleast two temporally displaced entries of one or more user-initializedbiometric parameters representative of user-initialized biometricinputs, and in response to a sequence of biometric inputs from the oneor more biometric sensors compares a sequence of biometric input signalsto the stored biometric password and, upon determination of a matchauthenticates and authorizes that card user and activates thecommunication module for a specified session time period, saidcommunication module in turn reads and sends the information to the RFtransmitter to trans transmit an RF data signal via the antenna, whereinsaid communication module, although power is available from the externalRF reader signal, will not active and transmit the information untilactivated by the biometric module, wherein said biometric module storesa connection attempt threshold and counts a card user's number ofattempts to provide the sequence of biometric inputs to match thebiometric password, and upon exceeding the connection attempt thresholdsaid biometric module overwrites the information with a permanent errorand transmits the permanent error in the RF data signal.
 14. The securedata card of claim 13, wherein the card comprises at least first andsecond sensors for sensing at least first and second biometric inputsthat correspond to different first and second user-initialized biometricinputs, said biometric password comprising at least a first entry forsaid first user-initialized biometric input and a second entry for saidsecond user-initialized biometric input.
 15. The secure data card ofclaim 13, wherein the card transmits the RF data signal in an openformat to maintain backward compatibility with an installed base of RFIDchip readers.
 16. The secure data card of claim 13, wherein externalreader signal induces an AC current in the antenna, said passive powermodule comprises a capacitor, a full wave rectifier that rectifies theAC current to produce an unregulated voltage across the capacitor and avoltage regulator that smoothes the unregulated voltage to supply theone or more voltages.
 17. A secure data card, comprising: a card; anantenna tuned to receive an external RF reader signal; at least onebiometric sensor configured to sense a biometric input from a card userand generate a biometric input signal, said biometric input andbiometric input signal providing distinctive and measurablecharacteristics to identify individual card users; and at least oneradio frequency identification (RFID) chip comprising an RF transmitter,and one or more processors and memory units configured to implement acommunication module that stores information and when activated readsthe information and sends the information in to the RF transmitter totransmit an RF data signal via the antenna, and a biometric module thatstores a user-initialized biometric password of at least two temporallydisplaced entries of one or more user-initialized biometric inputs, andin response to a sequence of biometric inputs from the one or morebiometric sensors compares a sequence of biometric input signals to thestored biometric password and, upon determination of a match of eachbiometric input and the temporal sequence of those biometric inputsactivates the communication module, which in turn reads and sends theinformation to the RF transmitter to transmit an RF data signal via theantenna, wherein said communication module, although power is available,will not active and transmit the information until activated by thebiometric module.
 18. The secure data card of claim 17, wherein saidbiometric password comprises at least a first entry for a firstuser-initialized biometric input and a second entry for a differentsecond user-initialized biometric input.